Merge ~ankushpathak/ubuntu/+source/chrony:feat/split_out_pool_sources_oracular into ubuntu/+source/chrony:ubuntu/devel

This is not a blocker for review, but since you are using git, it would help to have the commits split into smaller chunks, and a small description of what is being done. Then you can also transport that into d/changelog with "git-ubuntu.reconstruct pkg/ubuntu/devel". That will put all commits since "pkg/ubuntu/devel" in one d/changelog entry. If the commit message is already in the format of d/changelog, then you don't need to do any other massaging in d/changelog other than version number. See the previous commits in pkg/ubuntu/devel for examples.

First pass

@ahasenack I have updated the MP to address your comments. Verified all the tests listed in the description.

> This change is altering the ordering of pools. Before, we had the ntp.ubuntu.com and the pool.ntp.org pools first, and then dhcp, and then sources.d. Now we have dhcp first, and then sources.d. In other words, dhcp is coming before the ubuntu ntp configuration. Any thoughts on that?

I don't think the order of pool configuration makes a difference. I have seen chrony synchronize with servers that were not listed first in the configuration.

I had to add debconf support to a package from scratch once, maybe this can help. It was in isc-kea[1].

1. https://code.launchpad.net/~ahasenack/ubuntu/+source/isc-kea/+git/isc-kea/+merge/439352

Ok, I'm starting to understand this better. So the whole point of the debconf questions is not to have the user answer them, ever, but just to be something we can preseed in the cloud images.

With these questions as they are, the cloud image would preseed them as follows, if I understood this correctly:
- configure_default_pools_in_sourcesd: FALSE, so that the cloud image build process would place a file in sources.d representing that cloud's choice of NTP pools
- preserve_user_configured_pools_in_sourcesd: TRUE, to cope with the case of the cloud user having changed that config to something else

Presumably you were thinking of having the cloud's NTP pools be also in a file called sources.d/default-ntp-pools.sources, or something else? Could you give me an example?

Now imagining the default ubuntu installation, and the debconf default answers are taken (i.e., no preseeding has happened to change them, like in the cloud case).

- fresh install: chrony.conf has no pools, and postinst will create sources.d/default-ntp-pools.source from scratch
- upgrade: if sources.d/default-ntp-pools.source was changed by the user, the changes are preserved (default for preserve_user_configured_pools_in_sourcesd is TRUE).

The problem in the upgrade case above is when the user made changes, and the package made changes too. In this scenario, the user won't be told that there have been packaging changes. Which is what we wanted for the cloud case, but not the ubuntu case. We are effectively treating this as if --force-confhold had been passed to dpkg, right?

I'm thinking we should only have a debconf prompt for the first case, where the cloud can preseed it in such a way that sources.d/default-ntp-pools.sources is not created, and the cloud can put something else in sources.d. But if there is a sources.d/default-ntp-pools.sources file, then it should be handled by ucf. Does this make sense, or am I missing another scenario, or made a mistake in my thinking?

How would you feel if we shipped a selection of ntp pools in /usr/share/chrony, one for each cloud, and one for ubuntu, and at install time used debconf seeding to pick one? The default would be the ubuntu pools.

The drawback is that these pools would be in the package, and if you had to change them, that would require an SRU each time.

I'm trying something around that idea.

@ahasenack I was out for several days, but I am working on addressing your comments.

I have discussed shipping cloud specific configuration with the chrony package within my squad. We don't think that's a good idea. Different clouds have different approaches to setup chrony time sources. The flexibility of being able to manage that through the CPC build hooks is the preferred approach.
I have elaborated further on this under point number 9 in this comment[0] on the bug.

[0] https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/2048876/comments/17

> Presumably you were thinking of having the cloud's NTP pools be also in a file called sources.d/default-ntp-pools.sources, or something else? Could you give me an example?

This would depend on the cloud. For instance, GCE relies on cloud-init to configure chrony time sources. So the drop-in file on GCE instances would depend on how cloud-init decides to configure time sources once this change lands. Another example, Azure uses a hw clock device which would ideally be configured through a file in `/etc/chrony/conf.d/`.

> I'm thinking we should only have a debconf prompt for the first case, where the cloud can preseed it in such a way that sources.d/default-ntp-pools.sources is not created, and the cloud can put something else in sources.d. But if there is a sources.d/default-ntp-pools.sources file, then it should be handled by ucf. Does this make sense, or am I missing another scenario, or made a mistake in my thinking?

This makes sense. To handle this I propose
* Remove the `chrony/preserve_user_configured_pools_in_sourcesd` debconf question
* And the following code change
```
db_get chrony/configure_default_pools_in_sourcesd
if [ "${RET}" = "true" ];
then
    ucf --debconf-ok --three-way "${packaged_default_ntp_pools_sources_filepath}" "${default_ntp_pools_sources_filepath}"
fi
```

Right, I did something like this in my branch. On top of your 3ff8196d943bd9896a1d3c7bc77e27ddf308da87 (still testing, and also have to change the text in tempaltes):

diff --git a/debian/NEWS b/debian/NEWS
index e335d28..260dcf5 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -3,9 +3,9 @@ chrony (4.5-3ubuntu2) oracular; urgency=medium
   Starting with chrony version 4.5-3ubuntu2 the default time sources are
   configured by default in the /etc/chrony/sources.d/default-ntp-pools.sources
   file.
- default-ntp-pools.sources is not tracked by ucf so removing default time
- sources and adding custom ones while avoiding a potential ucf prompt during
- chrony upgrade is possible.
+ This can be omitted by pre-seeding the
+ chrony/configure_default_pools_in_sourcesd debconf key to "False", in which
+ case the package will be installed without any time sources configured.

  -- Ankush Pathak <email address hidden> Tue, 16 Jul 2024 17:57:41 -0600

diff --git a/debian/chrony.config b/debian/chrony.config
new file mode 100644
index 0000000..446b883
--- /dev/null
+++ b/debian/chrony.config
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+set -e
+
+. /usr/share/debconf/confmodule
+
+reconfigure=""
+
+if [ "${1}" = "configure" ] || [ "${1}" = "reconfigure" ]; then
+ if [ "${1}" = "reconfigure" ] || [ -n "${DEBCONF_RECONFIGURE}" ]; then
+ reconfigure="yes"
+ fi
+ # ask questions on:
+ # - reconfigure
+ # - fresh install
+ if [ -n "${reconfigure}" ] || dpkg --compare-versions "$2" lt "4.5-3ubuntu2"; then
+ db_input low chrony/configure_default_pools_in_sourcesd || true
+ db_go || true
+ db_get chrony/configure_default_pools_in_sourcesd
+ fi
+fi
diff --git a/debian/postinst b/debian/postinst
index 1dc5ee5..4d6e0ef 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -9,6 +9,7 @@ set -e

 # targets: configure|abort-upgrade|abort-remove|abort-deconfigure

+ucf_managed_sources="true"
 case "$1" in
     configure)

@@ -21,35 +22,23 @@ case "$1" in

         default_ntp_pools_sources_filepath="/etc/chrony/sources.d/default-ntp-pools.sources"
         packaged_default_ntp_pools_sources_filepath="/usr/share/chrony/default-ntp-pools.sources"
-
- if [ ! -f "${default_ntp_pools_sources_filepath}" ];
- then
- db_input low chrony/configure_default_pools_in_sourcesd || true
- db_go
- db_get chrony/configure_default_pools_in_sourcesd
- if [ "${RET}" = "true" ];
- then
- cp --preserve "${packaged_default_ntp_pools_sources_filepath}" "${default_ntp_pools_sources_filepath}"
- fi
- # Handle the case where the system already has default-ntp-pools.sources that is different from the packaged version
- elif ! cmp -s "${packaged_default_ntp_pools_sources_filepath} "${default_ntp_pools_sources_filepath};
- then
- db_input low chrony/preserve_user_configured_pools_in_sourcesd || true
- db_go
- db_get chrony/preserve_user_configured_pools_in_sourcesd
- if [ "${RET}" = "false" ];
- then
- cp --preserve "${packaged_default_ntp_pools_sources_...

My branch is at https://code.launchpad.net/~ahasenack/ubuntu/+source/chrony/+git/chrony/+ref/oracular-chrony-split-sources-via-debconf, the diff above is probably hard to read

I'm using this for preseeding tests:
#!/bin/bash

debconf-set-selections <<EOF
chrony chrony/configure_default_pools_in_sourcesd boolean false
EOF

and

#!/bin/bash

debconf-set-selections <<EOF
chrony chrony/configure_default_pools_in_sourcesd boolean true
EOF

We can probably change the name of that key to something shorter, but let's leave that to the end.

I removed some brain farts, polished things up a bit, and pushed to https://code.launchpad.net/~ahasenack/ubuntu/+source/chrony/+git/chrony/+ref/oracular-chrony-split-sources-via-debconf

There is at least one remaining thing: what to do if the user has changed their chrony.conf, and opt to keep that config file in place in an upgrade. By default, the way things are now, we would install the ubuntu ntp sources in sources.d/, without removing them from chrony.conf (because the user opted to keep the config file instead of installing the new one from the package).

Could we collate chrony.conf plus all snippets from sources.d/*.sources and grep for ntp pools or servers? Ir there are any, then we don't install ours, and act as if chrony/configure_default_pools_in_sourcesd had been preseeded with "false".

I have a ppa here with a build from my branch: https://launchpad.net/~ahasenack/+archive/ubuntu/chrony/+packages

Please let me know what you think should be the next steps here, and I can start working through those.

Could you perhaps please test the package I have in the PPA, see if it addresses what CPC needs? Then I think the only remaining question is https://code.launchpad.net/~ankushpathak/ubuntu/+source/chrony/+git/chrony/+merge/469064/comments/1270553, what to do if the user has changed chrony.conf and does NOT accept the config from the new package.

As discussed in our sync-up:
* I'll update the MP with the changes from your branch.
* Test the changes, leaning on doing more CPC centric tests

> There is at least one remaining thing: what to do if the user has changed their chrony.conf, and opt to keep that config file in place in an upgrade. By default, the way things are now, we would install the ubuntu ntp sources in sources.d/, without removing them from chrony.conf (because the user opted to keep the config file instead of installing the new one from the package).

> Could we collate chrony.conf plus all snippets from sources.d/*.sources and grep for ntp pools or servers? Ir there are any, then we don't install ours, and act as if chrony/configure_default_pools_in_sourcesd had been preseeded with "false".

Capturing that, we've decided to continue with this specific scenario as being an acceptable side effect, for now.

I was just reminded that all these changes need coordination with how cloud-init handles ntp configuration in its module. In the bug that spawned this MP there were some comments about driving changes in cloud-init according to the plan here, what has been discussed with cloud-init so far, if anything?

I will discuss this today again with @catred and see what she thinks about the status of the complementary changes required to cloud-init.

Testing results on commit e19f54e
* Upgraded chrony on a GCE noble instance. `/etc/chrony/sources.d/default-ntp-pools.sources` was created as expected. If the user chooses to keep the local version of `/etc/chrony/chrony.conf` in this case, chrony configuration is preserved as is. This is because `/etc/chrony/chrony.conf` on GCE instances does not import sources.d so the introduction of `/etc/chrony/sources.d/default-ntp-pools.sources` does not have an effect on the effective chrony configuration. This is a desired outcome.
* Upgraded chrony on a GCE noble instance. `/etc/chrony/sources.d/default-ntp-pools.sources` was created. Made some changes to `default-ntp-pools.sources` and then chrony was upgraded again to a version which had changes to `default-ntp-pools.sources`. This produced an ucf prompt for `default-ntp-pools.sources` as expected.
* Upgraded chrony on a GCE noble instance. `/etc/chrony/sources.d/default-ntp-pools.sources` was created. Chrony was upgraded again to a version which had changes to `default-ntp-pools.sources`. This did not produce an ucf prompt for `default-ntp-pools.sources` as expected.
* Upgraded chrony on a GCE noble instance. `/etc/chrony/sources.d/default-ntp-pools.sources` was created. Made some changes to `default-ntp-pools.sources` and then chrony was upgraded again. This did not produce an ucf prompt for `default-ntp-pools.sources` as expected.
* Upgraded chrony on a GCE noble instance with `chrony/configure_default_pools_in_sourcesd` set to false. `/etc/chrony/default-ntp-pools.sources` was not created as expected.
* Upgraded chrony on a GCE noble instance with `chrony/configure_default_pools_in_sourcesd` set to false. `/etc/chrony/default-ntp-pools.sources` was not created. Created `/etc/chrony/default-ntp-pools.sources` by hand and upgraded chrony again to a version which had changes to `default-ntp-pools.sources`. No ucf prompt and user version of `default-ntp-pools.sources` was preserved as expected.
* Upgraded chrony on a GCE noble instance with `chrony/configure_default_pools_in_sourcesd` set to false. `/etc/chrony/default-ntp-pools.sources` was not created. Created `/etc/chrony/default-ntp-pools.sources` by hand and upgraded chrony again. No ucf prompt and user version of `default-ntp-pools.sources` was preserved as expected.
* Upgraded chrony on a GCE noble instance with `chrony/configure_default_pools_in_sourcesd` set to false. `/etc/chrony/default-ntp-pools.sources` was not created. Upgraded chrony again to a version which had changes to `default-ntp-pools.sources`. No ucf prompt and `/etc/chrony/default-ntp-pools.sources` was not created as expected.
* Upgraded chrony on a GCE noble instance with `chrony/configure_default_pools_in_sourcesd` set to false. `/etc/chrony/default-ntp-pools.sources` was not created. Upgraded chrony again. No ucf prompt and `/etc/chrony/default-ntp-pools.sources` was not created as expected.
* Created `/etc/chrony/default-ntp-pools.sources` identical to one in this fix on a GCE noble instance. Upgraded chrony. There was no ucf prompt for `default-ntp-pools.sources` as expected.
* Created `/etc/chrony/default-ntp-pools.sources` different from the one in this fix on a GC...

Question inline about e19f54ec9fe768dcd59ee5ff0b1c94d6ae58db9c

Responded in-line.

Updated with the name change.

I uploaded to the ppa

The ppas are built, could you take it for another round of testing please?

I'll start testing, but will most likely not finish today. Are we still good if I need until tomorrow to complete testing?

What's the story with cloud-init? That is important, we can't break them just out of the blue. How did the conversations go?

I checked with @catred about this. She said that the current approach of this bug fix should be safe to land and not break cloud-init since cloud-init overwrites chrony.conf. The build hooks for any cloud images that rely on cloud-init to configure chrony will need to be updated to set `chrony/configure_default_pools_in_sourcesd` debconf question to false. An example of this is GCE images.
I will request her to chime in here in case she has more insights.

> since cloud-init overwrites chrony.conf

Let's say you have an image that has pre-seeded that question with false, i.e., there is no default ubuntu ntp sources in sources.d, and chrony.conf has no default ntp sources, and you injected a new sources.d/mycloud.sources with the correct sources for that cloud.

Then someone boots that image and tells cloud-init to use a pool of myntp.example.com.

When that system boots, won't it now have two pools? One for myntp.example.com defined in chrony.conf, and another one coming from sources.d/mycloud.sources?

Or does cloud-init *remove* the sourcedir option from chrony.conf?

Based on my testing on GCE, chrony.conf written by cloud-init does not have the sourcedir directive.

Added some responses inline.

Testing result on commit 0f78c08
TLDR: Tests look good.

* Upgraded chrony on a GCE noble instance. `/etc/chrony/sources.d/ubuntu-ntp-pools.sources` was created as expected. If the user chooses to keep the local version of `/etc/chrony/chrony.conf` in this case chrony configuration is preserved as is. This is because `/etc/chrony/chrony.conf` on GCE instances does not import sources.d so the introduction of `/etc/chrony/sources.d/ubuntu-ntp-pools.sources` does not have an effect. This is an desired outcome.
* Upgraded chrony on a GCE noble instance. `/etc/chrony/sources.d/ubuntu-ntp-pools.sources` was created. Some changes made to `ubuntu-ntp-pools.sources` and then chrony was upgraded again to a version which had changes to `ubuntu-ntp-pools.sources`. This produced an ucf prompt for `ubuntu-ntp-pools.sources` as expected.
* Upgraded chrony on a GCE noble instance. `/etc/chrony/sources.d/ubuntu-ntp-pools.sources` was created. Chrony was upgraded again to a version which had changes to `ubuntu-ntp-pools.sources`. This did not produce an ucf prompt for `ubuntu-ntp-pools.sources` as expected.
* Upgraded chrony on a GCE noble instance. `/etc/chrony/sources.d/ubuntu-ntp-pools.sources` was created. Some changes made to `ubuntu-ntp-pools.sources` and then chrony was upgraded again. This did produce an ucf prompt for `ubuntu-ntp-pools.sources` as expected.
* Upgraded chrony on a GCE noble instance. `/etc/chrony/sources.d/ubuntu-ntp-pools.sources` was created. Set `chrony/configure_ubuntu_pools_in_sourcesd` to false, deleted `/etc/chrony/sources.d/ubuntu-pools-ntp.sources`. Upgraded chrony to a version which had changes to `ubuntu-ntp-pools.sources`. This did not produce an ucf prompt and `/etc/chrony/sources.d/ubuntu-pools-ntp.sources` was not created as expected.
* Upgraded chrony on a GCE noble instance. `/etc/chrony/sources.d/ubuntu-ntp-pools.sources` was created. Set `chrony/configure_ubuntu_pools_in_sourcesd` to false, deleted `/etc/chrony/sources.d/ubuntu-pools-ntp.sources`. Upgraded chrony again. This did not produce an ucf prompt and `/etc/chrony/sources.d/ubuntu-pools-ntp.sources` was not created as expected.
* Upgraded chrony on a GCE noble instance with `chrony/configure_ubuntu_pools_in_sourcesd` set to false. `/etc/chrony/ubuntu-ntp-pools.sources` was not created as expected.
* Upgraded chrony on a GCE noble instance with `chrony/configure_ubuntu_pools_in_sourcesd` set to false. `/etc/chrony/ubuntu-ntp-pools.sources` was not created. Created `/etc/chrony/ubuntu-ntp-pools.sources` by hand and upgraded chrony again to a version which had changes to `ubuntu-ntp-pools.sources`. No ucf prompt and user version of `ubuntu-ntp-pools.sources` was deleted as expected.
* Upgraded chrony on a GCE noble instance with `chrony/configure_ubuntu_pools_in_sourcesd` set to false. `/etc/chrony/ubuntu-ntp-pools.sources` was not created. Created `/etc/chrony/ubuntu-ntp-pools.sources` by hand and upgraded chrony again. No ucf prompt and user version of `ubuntu-ntp-pools.sources` was deleted as expected.
* Upgraded chrony on a GCE noble instance with `chrony/configure_ubuntu_pools_in_sourcesd` set to false. `/etc/chrony/ubuntu-ntp-pools.sources` was not create...

inline

d/changelog

Inline response.

replied

Inline response

Then please commit the changes and push (don't forget the d/changelog update), thanks!

A couple of inline questions.

Replied, let's see what it looks like committed.

Only d/changelog fixes.

Updated changelog

Update changelog

That's it, +1!

Sponsored:

Uploading chrony_4.5-3ubuntu2.dsc
Uploading chrony_4.5-3ubuntu2.debian.tar.xz
Uploading chrony_4.5-3ubuntu2_source.buildinfo
Uploading chrony_4.5-3ubuntu2_source.changes

Thanks!
Should I update the MP status to "Merged"?

Ah! Saw the update.